U.S. patent number 5,809,143 [Application Number 08/896,316] was granted by the patent office on 1998-09-15 for secure keyboard.
Invention is credited to Thomas S. Hughes.
United States Patent 5,809,143
Hughes
September 15, 1998
Secure keyboard
Abstract
Apparatus and methods are provided for transacting secure
purchase and bill payment transactions. A method for transacting a
secure purchase via an internet using a system including a
computer, a first communication device coupled to the computer and
to the internet, and a secure keyboard, the secure keyboard
including a controller, an interface between the controller and the
computer, a removable media interface, an alphanumeric keypad, an
encryption device, and a second communication device coupled to a
secure host, includes the steps of browsing the internet via the
first communication device, retrieving item data for a purchase
from the internet via the first communication device, accessing
information from removable media using the removable media
interface, the information including a user identifier and an
issuer identifier, entering a personal identifier number (PIN) on
the alphanumeric keypad, encrypting the PIN using the encryption
device, sending to the secure host via the second communication
device, the information, the item data, and the encrypted PIN, the
secure host blocking the information and the PIN from the internet,
the secure host requesting authorization from a bank system for
making the purchase using the information and PIN, proceeding with
the purchase if the secure host receives from the bank system a
bank authorization for the purchase, otherwise canceling the
purchase, the secure host sending purchase transaction data to the
secure keyboard via the second communication device, and the secure
keyboard printing a purchase transaction receipt.
Inventors: Hughes; Thomas S. (Rancho Palos Verdes, CA)
Family ID: 24281992
Appl. No.: 08/896,316
Filed: June 28, 1997
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number | Issue Date
571016 | Dec 12, 1995 | |
Current U.S. Class: 705/77; 380/52; 705/40; 705/72; 705/73
Current CPC Class: G06Q 20/085 (20130101); G06Q 20/102 (20130101); G06Q 20/341 (20130101); G06Q 20/382 (20130101); G07F 19/201 (20130101); G06Q 20/4097 (20130101); G07F 7/1008 (20130101); G07F 7/1025 (20130101); G07F 19/20 (20130101); G06Q 20/4012 (20130101)
Current International Class: G07F 7/10 (20060101); G07F 19/00 (20060101); H04K 001/00 ()
Field of Search: ;380/23,24,25,52
Primary Examiner: Cain; David C.
Attorney, Agent or Firm: Tower; Lee W.
Parent Case Text
CROSS REFERENCE TO RELATED APPLICATION
This is a continuation-in-part of application Ser. No. 08/571,016
filed on Dec. 12, 1995 now abandoned.
Claims
What is claimed is:
1. A method for transacting a secure purchase via an internet using
a system including a computer, a first means for communicating
coupled to the computer and coupled to the internet, and a secure
keyboard, the secure keyboard comprising a controller, an interface
between the controller and the computer, means for reading
information from a removable media, an alphanumeric keypad, means
for encrypting, and a second means for communicating coupled to a
secure host, the method comprising the steps of:
browsing the internet via the first means for communicating;
retrieving item data for a purchase from the internet via the first
means for communicating, the item data including an item
identifier, an item cost and a merchant identifier;
accessing information from removable media using the means for
reading information from the removable media, the information
including a user identifier and an issuer identifier;
entering a personal identifier number (PIN) on the alphanumeric
keypad;
encrypting the PIN using the means for encrypting;
sending to the secure host via the second means for communicating,
the information, the item data, and the encrypted PIN;
the secure host blocking the information and the PIN from the
internet;
the secure host requesting authorization from a bank system for
making the purchase using the information and PIN;
proceeding with the purchase if the secure host receives from the
bank system a bank authorization for the purchase, otherwise
canceling the purchase;
the secure host sending purchase transaction data to the secure
keyboard via the second means of communicating; and
the secure keyboard printing a purchase transaction receipt.
2. The method of claim 1 further comprising the steps of:
the secure host sending an indication of the bank authorization to
a merchant host and requesting a response;
proceeding with the purchase if the merchant host responds with an
acknowledgement, otherwise canceling the transaction;
the bank system making payment to a merchant account; and
the merchant delivering the item to the customer.
3. The method of claim 1 wherein the means for reading information
from a removable media step comprises means for writing information
to the removable media, and wherein:
the step of accessing information from removable media comprises
the step of:
reading a balance from the removable media; and
the step of sending to the secure host via the second means for
communicating, the information, the item data, and the encrypted
PIN comprises the step of:
sending the balance to the secure host.
4. The method of claim 3 wherein the step of the secure host
sending purchase transaction data to the secure keyboard via the
second means for communicating comprises the step of sending a new
balance with the purchase transaction data and the method further
comprises the step of writing the new balance to the removable
media.
5. The method of claim 1 wherein the alphanumeric keypad comprises
a QWERTY keypad.
6. The method of claim 1 wherein the step of the secure host
sending purchase transaction data to the secure keyboard via the
second means for communicating comprises the step of:
encrypting the purchase transaction data before sending the
purchase transaction data; and
the method comprises the step of decrypting the purchase
transaction data.
7. The method of claim 1 further comprising the step of:
connecting to the secure host via the second means for
communicating using a stored host access number.
8. A method for transacting a secure bill payment via an internet
using a system including a computer, a first means for
communicating coupled to the computer and coupled to the internet,
and a secure keyboard, the secure keyboard comprising a controller,
an interface between the controller and the computer, means for
reading information from a removable media, an alphanumeric keypad,
means for encrypting, and a second means for communicating coupled
to a secure host, the method comprising the steps of:
browsing the internet via the first means for communicating;
retrieving bill data for a bill payment from the internet via the
first means for communicating, the bill data including a bill
identifier, a bill amount, and a payee identifier;
accessing information from removable media using the means for
reading information from the removable media, the information
including a user identifier and an issuer identifier;
entering a personal identifier number (PIN) on the alphanumeric
keypad;
encrypting the PIN using the means for encrypting;
sending to the secure host via the second means for communicating,
the information, the bill data, and the encrypted PIN;
the secure host blocking the information and the PIN from the
internet;
the secure host requesting authorization from a bank system for
making the bill payment using the information and PIN;
proceeding with the bill payment if the secure host receives from
the bank system a bank authorization for the bill payment,
otherwise canceling the bill payment;
the secure host sending bill payment transaction data to the secure
keyboard via the second means of communicating, the bill payment
transaction data including the amount paid and the payee
identifier; and
the secure keyboard printing a bill payment receipt.
9. The method of claim 8 further comprising the steps of:
the bank system making payment to a payee account;
the secure host sending an indication of the payment to a payee
host; and
the payee host adjusting the bill data.
10. The method of claim 8 wherein the means for reading information
from a removable media step comprises means for writing information
to the removable media, and wherein:
the step of accessing information from removable media comprises
the step of:
reading a balance from the removable media; and
the step of sending to the secure host via the second means for
communicating, the information, the bill data, and the encrypted
PIN comprises the step of:
sending the balance to the secure host.
11. The method of claim 10 wherein the step of the secure host
sending bill payment transaction data to the secure keyboard via
the second means for communicating comprises the step of sending a
new balance with the bill payment transaction data and the method
further comprises the step of writing the new balance to the
removable media.
12. The method of claim 8 wherein the alphanumeric keypad comprises
a QWERTY keypad.
13. The method of claim 8 wherein the step of the secure host
sending bill payment transaction data to the secure keyboard via
the second means for communicating comprises the step of:
encrypting the bill payment transaction data before sending the
bill payment transaction data; and
the method comprises the step of decrypting the bill payment
transaction data.
14. The method of claim 8 further comprising the step of:
connecting to the secure host via the second means for
communicating using a stored host access number.
15. A system for secure electronic financial transactions using an
internet, the system comprising:
a computer;
a first means for communicating coupled to the computer and coupled
to the internet for retrieving first data from the internet;
a secure keyboard comprising:
a controller having an interface to the computer;
means coupled to the controller for reading information from a
removable media, the information including a user identifier and an
issuer identifier;
an alphanumeric keypad coupled to the controller for entering a
personal identification number (PIN);
means for encrypting coupled to the controller; and
second means for communicating the information, the first data, and
the encrypted PIN to a secure host, the second means for
communicating coupled to the controller and the secure host;
wherein the secure host comprises means for blocking the
information and the PIN from the internet.
16. The system of claim 15 wherein the means coupled to the
controller for reading information from a removable media comprises
means coupled to the controller for writing information to the
removable media, the information including a balance.
17. The keyboard of claim 15 wherein the first data comprises an
item identifier, an item cost, and a merchant identifier for
transacting a purchase.
18. The keyboard of claim 15 wherein the first data comprises a
bill identifier, a bill amount, and a payee identifier for
transacting a bill payment.
19. The system of claim 15 wherein:
the second means for communicating comprises means for receiving
transaction data from the secure host; and
the secure keyboard further comprises a printer.
20. The system of claim 19 wherein the alphanumeric keypad
comprises a QWERTY keypad.
21. A secure keyboard for secure electronic financial transactions,
the secure keyboard comprising:
a case;
a controller integral to the case and having an interface to a
computer;
means integral to the case and coupled to the controller for
reading information from a removable media;
a QWERTY alphanumeric keypad integral to the case and coupled to
the controller for entering a PIN;
means for encrypting the PIN integral to the case and coupled to
the controller; and
means for communicating the information and the encrypted PIN to a
secure host, the means for communicating integral to the case and
coupled to the controller and the secure host.
Description
FIELD OF THE INVENTION:
This invention relates to the field of secure communications, and
in particular secure transactions using the internet.
BACKGROUND
There is much concern about the security of financial transactions
using the internet. While the internet is very useful for browsing
for information, many are quite hesitant to send their credit card
and personal identification number (PIN) via the internet, because
there is a significant risk that the information can be intercepted
on the internet and stolen. One way to avoid the problems of the
internet is not to use it at all; however, this means that the
benefits of the internet cannot be realized.
Thus, it would be desirable to have a system that allows the
information browsing features of the internet to be used while
avoiding the security risks.
SUMMARY OF THE INVENTION:
According to the invention, apparatus and methods are provided for
secure purchase and bill payment transactions. A method for
transacting a secure purchase via an internet using a system
including a computer, a first communication device coupled to the
computer and to the internet, and a secure keyboard, the secure
keyboard including a controller, an interface between the
controller and the computer, a removable media interface, an
alphanumeric keypad, an encryption device, and a second
communication device coupled to a secure host, includes the steps
of browsing the internet via the first communication device,
retrieving item data for a purchase from the internet via the first
communication device, accessing information from removable media
using the removable media interface, the information including a
user identifier and an issuer identifier, entering a personal
identifier number (PIN) on the alphanumeric keypad, encrypting the
PIN using the encryption device, sending to the secure host via the
second communication device, the information, the item data, and
the encrypted PIN, the secure host blocking the information and the
PIN from the internet, the secure host requesting authorization
from a bank system for making the purchase using the information
and PIN, proceeding with the purchase if the secure host receives
from the bank system a bank authorization for the purchase,
otherwise canceling the purchase, the secure host sending purchase
transaction data to the secure keyboard via the second
communication device, and the secure keyboard printing a purchase
transaction receipt.
BRIEF DESCRIPTION OF THE DRAWINGS:
FIG. 1 is a schematic of a secure keyboard in accordance with the
present invention.
FIG. 2 is a schematic of a prior art computer system.
FIG. 3A and FIG. 3B are illustrations of the top and front
elevation views, respectively, of a secure keyboard in accordance
with the present invention.
FIGS. 4A, 4B, and 4C illustrate the information content stored on a
credit card, debit card and smart card.
FIGS. 5A and 5B are flow diagrams of a method for a purchase
transaction using a secure keyboard in accordance with the present
invention.
FIG. 6 is an illustration of a purchase payment receipt in
accordance with the present invention.
FIGS. 7A, 7B and 7C are flow diagrams of a method for a bill
payment using a secure keyboard in accordance with the present
invention.
FIG. 8 is an illustration of a bill payment receipt in accordance
with the present invention.
FIGS. 9A and 9B are flow diagrams of a method for smart card
balance transactions using a secure keyboard in accordance with the
present invention.
FIG. 10 is an illustration of a smart card balance transaction
receipt in accordance with the present invention.
FIG. 11 is a schematic of a system including a computer, modem,
secure keyboard, and secure host in accordance with the present
invention.
FIG. 12 is a schematic of the system of FIG. 11 illustrating the
steps for a secure purchase transaction in accordance with the
present invention.
FIG. 13 is a schematic of the system of FIG. 11 illustrating the
steps for a secure bill payment transaction in accordance with the
present invention.
FIG. 14 is a schematic of the system of FIG. 11 illustrating the
steps for a secure smart card balance transaction in accordance
with the present invention.
FIG. 15 is a flow diagram of a method for a secure purchase
transaction using a secure keyboard in accordance with the present
invention.
FIG. 16 is a flow diagram of a method for a secure bill payment
transaction using a secure keyboard in accordance with the present
invention.
FIG. 17 is a flow diagram of a method for a secure smart card
balance transaction using a secure keyboard in accordance with the
present invention.
FIGS. 18A and 18B are flow diagrams of a method for a secure
purchase transaction using a secure keyboard in accordance with the
present invention.
FIGS. 19A and 19B are flow diagrams of a method for a secure bill
payment transaction using a secure keyboard in accordance with the
present invention.
FIGS. 20A and 20B are flow diagrams of a method for a secure smart
card balance transaction using a secure keyboard in accordance with
the present invention.
DETAILED DESCRIPTION
Referring now to the drawing, and more particularly to FIG. 1, a
secure keyboard 10 is shown, which includes a computer interface 31
coupled to computer 12. The computer 12 is coupled to a printer 14
and a monitor 16 and has access to a communication network 20 via
modem 18. The secure keyboard has a controller 32, which is coupled
to magnetic card reader 34, smart card interface 36, terminal
number register 38, a QWERTY keypad 30, number pad and function
keys 30, an encrypter and decrypter 40, and sequence counter 46. As
shown, the encrypter/decrypter 40 is coupled to a modem 44 which is
attached to a communication network 48. The host number register 42
is coupled to modem 44. The communication network 48 can be a
telephone line or other communication network such as a cable, or a
satellite communication network. In the case of a phone line the
communication network 48 can be the same line as communication
network 20, which can be a phone line. The secure keyboard 10 is
designed to communicate to a particular host via a host number,
which is stored in host number register 42. When modem 44 is used,
the host register 42 is read by modem 44 in order to dial the host.
In general, the modem 44 is not used to connect to any destination
via communication network 48.
The secure keyboard 10 also has a printer port 33, which can be
used to interface to a printer. The QWERTY keypad 30, number
keypad, and function keys 30 can be used in general to input data
to computer 12 in the same fashion as with a prior art keyboard,
which is shown in FIG. 2. FIG. 2 illustrates a QWERTY keypad and
number keypad which can also include function keys 22 that
communicate to computer 12, which has a printer 14, a monitor 16,
and a modem 18 attached. In the prior art represented by FIG. 2,
the QWERTY keypad and number keypad 22 is an entry device which is
used to enter data or commands into computer 12. The QWERTY keypad
and number keypad 30 of FIG. 1 can be used in the same way.
However, there are certain entries that can be made on QWERTY
keypad and number keypad 30 that are blocked by controller 32 from
the interface 31 between the controller 32 and the computer 12.
This is the feature that provides security for secure keyboard 10.
The problem of data security is especially important for financial
transactions. Security in secure keyboard 10 is particularly
important if data must be encrypted before being sent via the
communication network. The secure keyboard 10 operates so that data
that needs to be encrypted is blocked by controller 32 from the
interface 31 to the computer 12. The data to be encrypted is sent
to the encrypter 40 and encrypted and sent via modem 44 to the
communication network 48. The blocking of the data to be encrypted
from interface 31 ensures that the data to be encrypted is not sent
by computer 12 in unencrypted form to communication network 20 via
the modem 18. Thus, the data to be encrypted is ensured of being
encrypted before being sent, and is sent directly to the host,
rather than via a nonsecure computer network, such as the
Internet.
The secure keyboard 10 is designed to conduct secure financial
transactions for credit cards, debit cards, and smart cards. In a
typical financial transaction, information is read from a credit,
debit or smart card and then the user enters certain information
via QWERTY keypad and number keypad 30. An important item of data
entered by the user is the user's personal identification number
(PIN). The PIN is assigned to the user by a financial institution
and needs to be kept secure. Today, PINs are in common use with
automatic teller machine (ATM) debit cards. Even though a user may
be able to select his/her own PIN, the PIN should be known only to
the user and the financial institution. The PIN is blocked by
controller 32 from interface 31 into computer 12 and is encrypted
by encrypter 40 and then sent via modem 44 to the host which has
been dialed using the host number in host number register 42. Thus,
when the PIN is on the communication network 48, the PIN is in an
encrypted form. The PIN has been prevented from entering computer
12 and is thereby prevented from possibly being broadcast on
communication network 20 via modem 18.
The magnetic card reader 34 is designed to read information from
credit and debit cards that have a magnetic strip on the back of
them. Credit and debit cards with magnetic strips are quite common
today. The smart card interface 36 is designed to read information
from a smart card and to write information back to the smart card.
A smart card can store information on the card and the information
can be read from the card and new information stored back onto the
smart card. The information is stored in a memory chip on the smart
card.
In order to identify the secure keyboard to the host a terminal
number register 38 maintains the terminal number for the secure
keyboard 10. A sequence counter 46 may be provided in the secure
keyboard. The purpose of the sequence counter is merely to count
each transaction via the communication network 48, so that each
transaction can be given a unique number.
The encrypter 40 can be implemented to encrypt the PIN and other
data using the data encryption standard DES/DUKPT. The
encrypter 40 can also include a decrypter 40. The purpose of the
decrypter is to decrypt any encrypted data sent to the secure
keyboard from the host via communication network 48. The modem 44
can be a standard modem.
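The routing rule described above, in which controller 32 keeps PIN keystrokes off interface 31 and hands them only to encrypter 40 and modem 44, modelled as an added example that is not part of the patent. The class and field names, the constructed sample data, the 16-byte PIN block, and the HMAC-SHA256 keystream used as a stand-in for DES/DUKPT are assumptions made for illustration.

```python
import hashlib
import hmac

PIN_BLOCK_LEN = 16                  # assumed fixed size, so length does not leak
DIGITS = set("0123456789")
BASE_KEY = b"constructed-base-key"  # constructed sample key, shared with the host


def _transaction_key(base_key, terminal, sequence):
    # Stand-in for DES/DUKPT (assumption): one derived key per transaction.
    label = f"{terminal}:{sequence}".encode()
    return hmac.new(base_key, label, hashlib.sha256).digest()


def _xor_keystream(key, block):
    # Symmetric stand-in cipher: XOR with an HMAC-derived keystream.
    stream = hmac.new(key, b"pin-block", hashlib.sha256).digest()
    return bytes(b ^ s for b, s in zip(block, stream))


class SecureKeyboard:
    def __init__(self, terminal_number, host_number, base_key):
        self.terminal_number = terminal_number  # terminal number register 38
        self.host_number = host_number          # host number register 42
        self._base_key = base_key
        self.sequence = 0                       # sequence counter 46
        self.to_computer = []                   # all traffic on interface 31
        self.to_host = []                       # all traffic on modem 44
        self._pin = bytearray()
        self._pending = None                    # transaction waiting for a PIN

    def begin_pin_entry(self, transaction):
        """Switch the controller into PIN mode for one transaction."""
        self._pending = dict(transaction)

    def key(self, ch):
        """Route one keystroke the way controller 32 is described to."""
        if self._pending is None:
            self.to_computer.append(ch)         # ordinary typing goes to the PC
            return
        # PIN mode: nothing typed here is ever placed on interface 31.
        if ch == "\n":
            self._send()
        elif ch in DIGITS and len(self._pin) < PIN_BLOCK_LEN - 1:
            self._pin.append(ord(ch))

    def _send(self):
        self.sequence += 1                      # unique number per transaction
        block = bytes([len(self._pin)]) + bytes(self._pin)
        block = block.ljust(PIN_BLOCK_LEN, b"\xff")
        key = _transaction_key(self._base_key, self.terminal_number, self.sequence)
        message = dict(
            self._pending,
            dialed=self.host_number,
            terminal=self.terminal_number,
            sequence=self.sequence,
            encrypted_pin=_xor_keystream(key, block),
        )
        self.to_host.append(message)
        for i in range(len(self._pin)):         # wipe the cleartext PIN
            self._pin[i] = 0
        self._pin.clear()
        self._pending = None                    # back to ordinary keyboard mode


def host_decrypt_pin(base_key, message):
    """Host side: recover the PIN from a message sent over modem 44."""
    key = _transaction_key(base_key, message["terminal"], message["sequence"])
    block = _xor_keystream(key, message["encrypted_pin"])
    return block[1:1 + block[0]].decode("ascii")


def demo():
    kb = SecureKeyboard("T-0001", "555-0100", BASE_KEY)  # constructed values
    for ch in "shoes":                          # browsing input, reaches the PC
        kb.key(ch)
    kb.begin_pin_entry({"card": {"issuer": "ISSUER-1", "user": "USER-1"},
                        "amount": "19.99", "item": "CAT-7/42"})
    for ch in "4921\n":                         # constructed PIN, then Enter
        kb.key(ch)
    for ch in "ok":                             # ordinary typing resumes
        kb.key(ch)
    return "".join(kb.to_computer), kb.to_host[0]


if __name__ == "__main__":
    pc_stream, msg = demo()
    print("interface 31 saw:", repr(pc_stream))
    print("modem 44 sent   :", msg)
```
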
FIGS. 3A and 3B are diagrams illustrating the top and front
elevation views, respectively, of secure keyboard 10. As shown, the
keyboard 10 has a magnetic card reader slot 34 and a smart card
interface 36. The magnetic card reader 34 operates by swiping a
credit or debit card through the slot 34. Other magnetic card
readers can also be used, such as a card reader that operates by
the user inserting the card and then quickly withdrawing the card.
The smart card interface is operated by inserting a smart card into
slot 36. Also shown in FIG. 3A is the connection 48 to the
communication network and the interface 31 to and from computer 12.
As shown, the secure keyboard has a standard QWERTY keyboard and a
number keypad, as well as function keys. Special function keys can
be included on the secure keyboard such as function keys for
selecting a debit, credit or smart card transaction.
FIG. 4A illustrates the data that is stored on a typical credit
card and on a magnetic strip. Typical information includes a credit
issuer number, a credit card number, the name of the person, and
the expiration date. The credit issuer number can be a bank for
example. Note that the PIN is not stored on the cards. This
prevents a thief from obtaining the PIN number if the card is
stolen. The credit card number is the typical credit card number
that is embossed on the front of the credit card. FIG. 4B shows the
contents typically on a debit card such as an ATM card. This
information is also stored on a magnetic strip on the back of the
card. Typical information includes a bank identification number, a
personal account number, the name of the person, and an expiration
date. This bank identification number is analogous to a credit
issuer number for a credit card and identifies the bank that issued
the debit card. The personal account number is the same as the
account number embossed on the front of the debit card and is not
to be confused with the PIN. FIG. 4C shows the contents stored on a
smart card. The contents are stored on a memory chip that is within
the smart card. The memory chip can be read and written by
interface electronics in the smart card interface 36. The
information stored on a smart card typically includes the issuer
number, the smart card number, the name of the person, the
expiration date, and the balance available on the smart card. Since
a smart card is designed to be read as well as written, the balance
can change as transactions are conducted using the smart card. For
example, the balance is increased when funds are transferred from a
bank account to the smart card.
FIG. 5 illustrates a method for conducting a purchase transaction
using the secure keyboard 10. In step 60 a purchase transaction is
selected. The user is then prompted via the monitor 16 to enter a
password which is checked in step 64 for validity. Then the user is
prompted via the monitor 16 to enter a card type, such as credit
card, debit card or smart card. Then in the step 68 the user is
prompted to swipe the credit or debit card via the magnetic card
reader 34 or to insert the smart card into smart card interface 36.
Then in step 70, the information as illustrated in FIG. 4A, 4B, or
4C is read from the card. Then in step 72, the user is prompted via
monitor 16 to enter a dollar amount for the transaction. Also in
step 72 the dollar amount that has been entered can be checked to
determine whether the dollar amount is between certain maximum or
minimum amounts that have been specified. Then in step 74, the user
is prompted to enter a recipient name or number for the
transactions. The recipient can be a merchant. Then in step 76, the
user is prompted to enter a trace number, which provides further
identification of the recipient/merchant, if that is required. Then
in step 78, the user is prompted to enter a purchase item number.
For example, a purchase item number might be a catalog number and
item number for an item in the catalog. In FIG. 5B, in step 80 the
user is prompted to enter his or her personal identification number
(PIN). It is common now to enter personal identification numbers
when transacting debit card or ATM card transactions. This is not a
common thing when transacting a credit card transaction. However,
in the future a PIN entry might be required for all financial
transactions since use of a PIN ensures that the transaction is
more secure. For a smart card transaction a PIN is required.
Then in step 82 the PIN is encrypted. The host is then dialed in
step 84 using the host number read from host number register 42.
Then in step 86, the card information, the dollar amount, the
recipient/merchant name and number, the trace number, the item
number, the sequence number, the terminal number, and encrypted PIN
are sent to the host. It is possible that some data items may not
be sent and/or that additional data items may be sent. As discussed
before the sequence number is a number that increments each time a
transaction is conducted in order to identify the transaction
number on a receipt which can be printed later. The terminal number
is another way to identify the source of the transaction to the
host. In step 88 if the host approves the transaction, then a
credit card account is charged, a debit account is debited, or a
smart card balance is debited. Note that when the smart card is
debited then the host changes the smart card balance stored on the
smart card, as shown on FIG. 4C. In step 90 the host sends data for
a receipt and the receipt is printed using printer 14. Alternately,
the receipt can be sent to a printer via printer port 33 on secure
keyboard 10. In step 92, if the host disapproves the transaction,
then the transaction is terminated.
For a purchase transaction the host will then forward the
information to the recipient. For example if the recipient is a
merchant, then the merchant will ship the item to the purchaser. A
purchase transaction can also be used to purchase a service. In
case of a service, when the recipient is paid, the recipient
provides the service to the purchaser. For example, the recipient
can be a cleaning service.
FIG. 6 shows a purchase receipt that is printed when the
transaction is completed. As shown, the transaction on the receipt
includes the user name, the terminal number, the date, the amount
charged or debited, the account number, the transaction type
(credit, debit, or smart card), the new balance for a smart card or
debit card transaction, the recipient/merchant name, the
recipient/merchant number, the trace number, the item number, the
shipping date for goods to be shipped, a transaction reference
number, and the sequence number. Note that the sequence number was
originally sent from the secure keyboard to the host. The
transaction reference number is used by the host as another way to
track the transaction.
FIG. 7A is a method for transacting bill payment transactions using
secure keyboard 10. In step 100 a bill payment transaction is
selected and in step 102 the user is prompted to enter a password,
which in step 104 is checked for validity. Then in step 106, the
user is prompted to enter a profile number. If a profile number is
entered, then the profile is displayed to the user on monitor 16.
Alternatively the user can enter data for a new profile. The new
profile data includes the recipient/merchant name and number, etc.
Or the user can scan stored profiles to select a profile. When a
profile is displayed, the monitor 16 shows the profile data, which
includes: the recipient/merchant name, the recipient/merchant
number, the trace number, the amount to send, the amount last sent,
and the next date to send, as shown in step 108.
The profile for a bill payment transaction can be stored in a
profile log memory 37 on the secure keyboard 10. The profile log
memory is coupled to the controller 32.
Profiles are particularly useful when a particular bill is paid on
a regular basis to a particular merchant or to a recipient, which
is a provider of services, such as the telephone company. By
selecting a stored profile, the user is relieved of the task of
reentering the data for the recipient/merchant each time the bill
is paid. When a profile is displayed the user is prompted to enter
yes or no for payment of the bill. If the user selects yes, then
the profile is marked as active, and the user is prompted for a
dollar amount which can be the amount last sent as a default. The
entered dollar amount can be validated against specified minimum
and maximum amounts. If the user selects not to pay that profile then
the next profile can be displayed.
In step 112 the user is prompted for a card type such as credit,
debit, or smart card. Then in step 114 the user is prompted to
swipe the credit or debit card or to insert the smart card into
smart card interface 36. Then in step 116 the information on the
card per FIG. 4A, 4B, or 4C is read from the card. Then in step 118
the user is prompted to enter his or her personal identification
number (PIN). In step 120 the PIN is encrypted and in step 122 the
host is dialed using the host number stored in host number register
42 and the secure keyboard is connected via the communication
network 48 to the host. Then in step 124, the card information, the
dollar amount, the recipient/merchant name, the recipient/merchant
number, the trace number, the sequence number, the terminal number,
and encrypted PIN are sent to the host. In step 126 if the host
approves the transaction, then the credit account is charged, the
debit account is debited, or the smart card is debited by the
amount of the transaction. Then in step 128 the host sends data for
a receipt and the receipt can be printed using printer 14.
Alternately, the receipt can be sent to a printer via printer port
33 on secure keyboard 10. In step 130, if the host disapproves the
transaction, then the transaction is terminated and the bill is not
paid.
FIG. 8 shows a form of a bill payment receipt. The bill payment
receipt includes the user name, the terminal number, the date, the
amount charged or debited, the account number, the transaction type
such as credit, debit, or smart card, a new balance if the
transaction is a smart card or a debit card transaction, the
recipient/merchant name, the recipient/merchant number, the trace
number, the transaction reference number, and finally the sequence
number.
FIGS. 9A and 9B are flow diagrams of a method for smart card
balance transactions using the secure keyboard 10. In step 140 a
smart card balance transaction is selected. The user is then
prompted via the monitor 16 in step 142 to enter a password which is
checked in step 144 for validity. Then in step 146 the user is
prompted to insert the smart card into smart card interface 36.
Then in step 148, the information as illustrated in FIG. 4C is read
from the card. Then in step 150, the user is prompted via monitor
16 to enter a dollar amount for either increasing or decreasing the
balance of the smart card. If the dollar amount on the smart card
is increased then the account at the financial institution is
debited. If the dollar amount on the smart card is decreased then
the account at the financial institution is credited by the amount.
Thus, a user via the secure keyboard can transfer money to and from
the smart card. Also in step 150 the dollar amount that has been
entered can be checked to determine whether the dollar amount is
between certain maximum or minimum amounts that have been
specified. In FIG. 9B, in step 151 the user is prompted to enter
his or her personal identification number (PIN). Then in step 152
the PIN is encrypted by encrypter 40. The host is then dialed in
step 154 using the host number read from host number register 42.
Then in step 156, the card information, the dollar amount, the
sequence number, the terminal number, and encrypted PIN are sent to
the host. It is possible that some data items may not be sent
and/or that additional data items may be sent. Also more of the
data items can be encrypted by encrypter 40 before being sent. As
discussed before, the sequence number is a number that increments
each time a transaction is conducted in order to identify the
transaction number on a receipt which can be printed later. The
terminal number is another way to identify the source of
the transaction to the host. In step 158 if the host approves the
transaction then a smart card balance is increased or decreased. In
step 160 the host sends data for a receipt and the receipt is
printed using printer 14. Alternately, the receipt can be sent to a
printer via printer port 33 on secure keyboard 10. In step 162, if
the host disapproves the transaction, then the transaction is
terminated.
FIG. 10 shows a receipt that is printed when the transaction is
completed. As shown, the receipt includes the user name, the
terminal number, the date, the amount credited or debited, the
account number, the transaction type (smart card), the new balance
for the smart card, a transaction reference number, and the
sequence number. Note that the sequence number was originally sent
from the secure keyboard to the host.
FIG. 11 is a schematic of a system including a computer, modem,
secure keyboard, and secure host in accordance with the present
invention. In particular, FIG. 11 shows the coupling between
computer 12, modem 18, and the Internet 182. FIG. 11 also shows the
interface between secure keyboard 10, modem 44, and secure host
188. The Internet 182 contains home pages 184, which are created by
merchants 186. The merchant 186 may be a merchant host or a payee
host computer. The purpose of the secure host 188 is to prevent
data that is sent from secure keyboard 10 via modem 44 to secure
host 188 from being available or sent to the insecure Internet 182.
The secure host 188 has an interface 196 to the banking system 190.
The secure host also has an interface 185 to a merchant host 186.
The secure host sends only data that is necessary to be sent via
interfaces 185 and 186 and prevents sensitive information such as
credit card information and personal identification number (PIN)
data from being sent to the merchant 186. The secure host 188 does
send the needed credit card/debit card/smart card information via
interface 196 to the banking system 190 to request approval for
financial transactions.
In summary, the system of FIG. 11 allows the user to browse the
Internet via modem 18, find an item to buy or a bill to pay,
retrieve that data from the Internet via modem 18, and then pay for
the purchase or pay the bill using the secure keyboard 10 and
communicating via modem 44 to secure host 188. This allows the
sensitive data to remain out of the Internet entirely, while at the
same time allowing the user to use the Internet for its strengths
which are browsing for merchant data.
FIG. 12 shows the sequence of a secure purchase transaction using
the system of FIG. 11. First the user browses the Internet 182 via
modem 18 which is connected to computer 12. This is indicated on
FIG. 12 by the "1" in a circle. Next when the user finds something
that he or she wishes to buy, the item data associated with the
item is retrieved from the Internet and downloaded via modem 18 to
computer 12. Next the user uses a credit card, a debit card or a
smart card to make the purchase and enters the information from the
card into the secure keyboard 10 via removable media interface 31.
Removable media interface 31 is a reader which can read a credit
card, a debit card and/or a smart card. After the removable media
has been read, then the user enters his or her PIN. The PIN entry
may not be required for a credit card transaction. The PIN is then
encrypted and the credit card information can also be encrypted and
then the PIN, the order data and the credit card, debit card or a
smart card information are sent via modem 44 to secure host 188.
Next the secure host sends the card information and the PIN to the
banking system 190. The banking system checks to ensure that a
proper credit card, debit card or smart card and PIN have been
received and if the credit card/debit card/smart card and
associated PIN is correct, then the banking system responds back to
the secure host 188 with authorization to proceed with the
transaction. Then the secure host notifies the merchant host 186
that there is a purchase being made and the secure host can inform
the merchant host what the item is and also identify the user that
is buying the item. The merchant responds with an acknowledgment to
the secure host and the secure host then can cause the banking
system to make the payment to the merchant's account and then send
data for the purchase transaction to modem 44. Then the secure
keyboard can print a receipt on printer 29 shown in FIG. 11.
Finally, the merchant host arranges shipment of the item to the
user/consumer.
Since the payment to the merchant account is all done within the
banking system from the user's banking account to the merchant's
banking account, it is in general not necessary, especially in a
debit transaction or a smart card transaction, to send any
information about the debit card or the smart card to the merchant
host. However, in a credit card transaction, the merchant may feel
more secure in at least knowing the credit card number of the user
for the transaction. So in the case of credit cards, the
communication between the secure host and the merchant host may
include the credit card number.
FIG. 15 is a flow diagram of a method for a secure purchase
transaction using the secure keyboard. In step 1000 the customer
browses the Internet via a first communication means, which is
modem 18 in FIG. 11 and retrieves item data, which includes the
item identifier, item cost, and merchant identifier for a purchase
transaction. In step 1002 card information, which includes the card
holder identifier and the issuer identifier, is read when the card
holder inserts his or her card in the removable media interface 31.
The user then enters a PIN which is encrypted and then the
encrypted PIN, the item data, and the card information are all sent
to secure host 188 via the secure keyboard second communication
means, which in FIG. 11 corresponds to modem 44. Note that a PIN
entry may not be required for a credit card transaction. Then in
step 1004 the secure host requests authorization from the banking
system. Then in step 1006 the secure host receives authorization
from the banking system and, if not, the order is canceled. When
the banking system gives authorization for the purchase, the
customer's card account is adjusted. Then in step 1008, the
purchase authorization is sent by the secure host to the merchant
host with a request for the merchant response. This allows the
merchant to know that the item has been ordered so that the
merchant can make shipment and also so that the merchant can adjust
his inventory and also be notified that he will be paid via the
banking system for the transaction. Then in step 1010, the merchant
acknowledges the request. If not, the order can be canceled. For
instance, the merchant may not acknowledge the request if the item
is not available. Then in step 1012 the banking system makes
payment to the merchant bank account from the customer account.
Then in step 1014 the merchant ships the item to the customer.
Finally, in step 1016 the purchase is complete and data for the
receipt is sent from the secure host to the secure keyboard via
modem 44 and a receipt is printed on printer 29 or the receipt
could be printed on printer 14 or another printer attached to
printer port 33.
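The secure host's routing in the purchase flow of FIG. 15, together with the rule stated above on what the merchant host may see, sketched as an added Python example; it is not part of the patent. The field names, the three callables standing in for the banking system and the merchant host, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class KeyboardMessage:
    """What the secure keyboard sends over modem 44 (field names assumed)."""
    card_type: str                    # "credit", "debit" or "smart"
    user_id: str                      # card holder identifier from the card
    issuer_id: str
    card_number: str
    encrypted_pin: Optional[bytes]    # may be absent for a credit card
    item_id: str
    item_cost: int                    # in cents
    merchant_id: str
    sequence_number: int
    terminal_number: str


def bank_view(msg: KeyboardMessage) -> dict:
    """Interface 196: the banking system gets card data, PIN and amount."""
    return {"card_type": msg.card_type, "user_id": msg.user_id,
            "issuer_id": msg.issuer_id, "card_number": msg.card_number,
            "encrypted_pin": msg.encrypted_pin, "amount": msg.item_cost,
            "merchant_id": msg.merchant_id}


def merchant_view(msg: KeyboardMessage) -> dict:
    """Interface 185: built from an allow-list, so the PIN is never copied."""
    view = {"item_id": msg.item_id, "item_cost": msg.item_cost,
            "merchant_id": msg.merchant_id, "user_id": msg.user_id}
    if msg.card_type == "credit":     # only credit may expose the card number
        view["card_number"] = msg.card_number
    return view


def canceled(reason: str) -> dict:
    return {"status": "canceled", "reason": reason}


def run_purchase(msg: KeyboardMessage,
                 authorize: Callable[[dict], bool],
                 acknowledge: Callable[[dict], bool],
                 settle: Callable[[dict], None]) -> dict:
    """Steps 1004-1016 of FIG. 15 as seen from the secure host."""
    if msg.card_type not in ("credit", "debit", "smart"):
        return canceled("unknown card type")
    # Assumption: the PIN is mandatory unless the card is a credit card.
    if msg.card_type != "credit" and not msg.encrypted_pin:
        return canceled("PIN required")
    if not authorize(bank_view(msg)):            # steps 1004 and 1006
        return canceled("bank declined")
    if not acknowledge(merchant_view(msg)):      # steps 1008 and 1010
        return canceled("merchant did not acknowledge")
    settle(bank_view(msg))                       # step 1012
    receipt = {"item_id": msg.item_id, "amount": msg.item_cost,
               "transaction_type": msg.card_type,
               "terminal_number": msg.terminal_number,
               "sequence_number": msg.sequence_number}
    return {"status": "complete", "receipt": receipt}   # step 1016


if __name__ == "__main__":
    # Constructed sample message; none of these values come from the patent.
    sample = KeyboardMessage("debit", "U-1001", "ISS-77", "0000111122223333",
                             b"\x01\x02", "ITEM-9", 2599, "M-42", 17, "T-0001")
    print(merchant_view(sample))
    print(run_purchase(sample, lambda v: True, lambda v: True, lambda v: None))
```

Because `merchant_view` copies named fields instead of deleting sensitive ones, a field added to the keyboard message later stays on the bank side unless it is explicitly allowed through.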
FIG. 13 illustrates the steps that are made to perform a secure
bill payment transaction. First the user via modem 18 browses the
Internet and selects a bill to pay. The selection of a bill to pay
may be by going to a home page of a particular provider of a
service such as a telephone company or it could be by going to a
home page of a service which compiles bills from a number of
companies and allows you to select which ones to pay that month.
Once the user has selected a bill to pay, the bill data is returned
to the user via modem 18. Next, the user scans the removable media
information (i.e. credit card/debit card/smart card information)
via removable media interface 31 and the user enters a PIN using
QWERTY keypad 30. Note that for a credit card transaction the PIN
may not be required. The PIN is encrypted using encrypter 40 and
the encrypted PIN and the bill payment data is sent in step 3 to
secure host 188. Then similar to the purchase transaction steps,
the secure host requests authorization from the banking system 190
in step 4 and then in step 5 as is shown by the circled "5" on FIG.
13, the banking system if it authorized the payment notifies the
secure host 188. Then the secure host notifies the payee of the
payment and requests an acknowledgment from the payee. The
notification to the payee is necessary so that the payee can adjust
the bill data that is displayed in the Internet and also so that
the payee will know that he or she is being paid. When the payee
host responds in step 7, then the secure host sends bill payment
data for printing a receipt back to the user via modem 44 in the
secure keyboard 10.
FIG. 16 is a flow diagram of a method for a secure bill payment
transaction using the secure keyboard. In step 1020 the customer
browses the Internet via first communication means (e.g. modem 18)
and retrieves the bill data for a bill to pay. The bill data
includes a bill identifier, a bill amount and a payee identifier.
In step 1022, card information is read using removable media
interface 31 and a PIN is entered and encrypted. Note that for a
credit card transaction the PIN may not be required. The bill data
and card information may also be encrypted and then all are sent to
secure host 188 via secure keyboard 44. Then the secure host
requests authorization from the banking system in step 1024. If the
secure host receives authorization from the banking system in step
1026, then the transaction is authorized, otherwise the transaction
can be canceled. In step 1028, the bank system makes payment to the
payee bank account from the customer account or charges the
customer account credit card in the case of a credit card
transaction. Then in step 1030, a bill payment indication is sent
by the secure host to the payee host. Whether the bill payment
indication includes a credit card number or not is determined
according to the same considerations discussed above for a purchase
transaction. In the case of a credit card the payee may need or
want the credit card but in the case of a debit card or a smart
card, the card information is not needed by the payee. In step
1032, the payee host adjusts the bill data which is displayed on
the Internet to account for the payment of the bill and then in
step 1034 the bill payment is complete and the data is sent to
secure host via the second communication means (modem 44) so that a
receipt can be printed.
FIG. 14 illustrates a smart card balance transaction which can be
done in a secure fashion using the secure keyboard. In this case it
is not necessary for the user to browse the Internet to find an
item to buy or a bill to pay. Rather, the user wishes to increase
or decrease the balance contained on the smart card. The first step
is for the user to scan the smart card information using the
removable media interface 31 or the smart card interface 36 which
can be a component of the removable media interface 31. Then the
user enters a PIN on the secure keyboard. The PIN is encrypted and
the smart card information can also be encrypted and then sent to
secure host 188. Then the secure host makes a request to the
banking system to adjust the balance. The banking system inspects
the account data and the PIN and if the transaction is authorized
the bank system so notifies the secure host and then the secure
host sends to the modem 44 in the secure keyboard 10, the data
including the new balance and data for printing a receipt for the
balance transaction. The new balance is written to the smart card
via the removable media interface.
FIG. 17 illustrates the steps for the secure smart card balance
transaction. In step 1040 smart card information which includes the
card holder identifier, balance, and the issuer identifier is read. A
desired balance change is entered by the user and a PIN is entered
and encrypted. The card information and the balance change
requested by the user may also be encrypted and then all are sent
to secure host 188 via secure keyboard second communication means
(modem 44). Then in step 1042, the secure host requests
authorization from the banking system and then in step 1044 the
secure host receives the authorization from the banking system and,
if not, the transaction is canceled. If the transaction is
authorized, then the customer's card account is adjusted. Then in
step 1046 a new balance is sent by the secure host to the modem 44
and written to the smart card via smart card interface 36. Finally,
in step 1048 the smart card balance transaction is complete and
data is sent for the transaction from the secure host to the secure
keyboard via modem 44 and a receipt is printed for the transaction
using one of the printers discussed above.
FIGS. 18A and 18B show another more detailed method for a secure
purchase transaction using the secure keyboard. The key difference
between this method and the previous method is in the amount of
detail that is included in FIGS. 18A and 18B. In step 1060, a
purchase transaction is selected via the Internet and item data is
retrieved via first communication means (modem 18). Then in step
1062, the user is prompted for a password. This step is optional
but checking for a password for validity in 1064 can prevent other
unauthorized users from using the secure keyboard for these kinds of
transactions. Then in step 1066, the user is prompted for the card
type, whether it is a credit, debit or smart card transaction. Step
1066 is optional, because the removable media interface can sense
the type of card it is reading. In step 1068 the user swipes or
inserts or in some way interfaces the credit/debit/smart card to
the removable media interface 31. Then in step 1070 the information
is read from the card. Then in step 1080 the user is prompted for a
PIN entry, which may not be required for a credit card, and then in
step 1082 the PIN is encrypted. Then in step 1084 the secure
keyboard modem dials and connects to the secure host using the host
access number stored in host number register 42. Then the card
information, the item data and the encrypted PIN are sent to the
secure host via modem 44. Then in step 1088 the secure host
requests approval from the bank for the transaction. If the
approval is granted, then the credit account is charged, or the
debit account is debited or the smart card is debited by reducing
the balance on the smart card. If the bank does not approve the
transaction, then the transaction is canceled. Then in step 1090
the purchaser is notified of the authorization and the merchant
acknowledges the authorization and ships the item to the customer.
Finally, in step 1092, the secure host sends data for a receipt to
the secure keyboard via modem 44 and a receipt is printed.
FIGS. 19A and 19B show a detailed method for a secure bill payment
transaction. In step 1100 a bill payment transaction is selected
and a particular bill is selected via the Internet for payment.
Then the bill data is retrieved via modem 18. Then in step 1102 the
user is prompted for a password and the entered password is checked
for validity in step 1104. Then in step 1106, the user is prompted
for a card type, whether it be credit, debit or smart card. As
discussed above this step is optional. Then in step 1108 the user
is prompted to enter the credit/debit/smart card information by
swiping or inserting the cards. Then in step 1110, the information
is read from the card according to the type of information shown in
FIGS. 4A, 4B, or 4C, respectively for credit, debit, or smart
cards. Then in step 1111 the user is prompted for entering a PIN,
which may not be required for a credit card. Then in step 1112, the
PIN is encrypted and then in step 1114 the secure host is dialed by
using the host access number stored in host register 42 and the
secure keyboard modem 44 is connected to the secure host 188. Then
in step 1116 the card information, the bill data and the encrypted
PIN are sent to the secured host via the modem 44 in the secure
keyboard 10. Then in step 1118, the secure host requests approval
from the banking system and if it is approved then the credit card
account is charged, or the debit account is debited or the smart
card is debited by reducing the balance of the smart card. If not
approved, the transaction is canceled. In step 1120, the payee is
notified of the authorization and the payee acknowledges the
payment and the payer's bill is adjusted. Then in step 1122, the
secure host sends data for printing a receipt to the secure
keyboard via modem 44 and a receipt is printed.
FIGS. 20A and 20B illustrate a detailed smart card balance
transaction. In step 1142, the user is prompted for a password,
which is checked for validity in step 1144. The password is used to
prevent an unauthorized user from using the secure keyboard for a
smart card transaction. Then in step 1146, the user is prompted to
insert the smart card into the smart card reader 36 included in the
removable media interface 31. Then in step 1148 the information is
read from the smart card. In step 1150, the user is prompted for
the dollar amount to increase the balance or to decrease the
balance of the smart card. The amount entered is validated against
a pre-known maximum or minimum threshold amount. If the dollar
amount is above the maximum or below the minimum threshold, then the
transaction is canceled, otherwise the transaction is allowed to
proceed. Then in step 1151 the user is prompted for entering a PIN
and in step 1152, the PIN is encrypted. Then in step 1154, the
secure keyboard modem dials and connects to the secure host 188
using the stored access number which is stored in host register 42.
Then in step 1156 the card information, the dollar amount to
increase or decrease the balance, and the encrypted PIN are sent to
the secured host. It is possible to also encrypt the card
information and the dollar amount before these are sent to the
secure host. In step 1158, the secure host requests approval from
the bank and if approved then the smart card balance is increased
or decreased by sending the proper information via modem 44 to the
smart card interface 36 and writing the new balance onto the smart
card. If the transaction is not approved by the bank then the
transaction is terminated. Finally, in step 1160 the secure host
sends data for a receipt for the smart card transaction to the
secure keyboard via modem 44 and a receipt is printed.
The described embodiments of the invention are only considered to
be preferred and illustrative of the inventive concept, the scope
of the invention is not to be restricted to such embodiments.
Various and numerous other arrangements may be devised by one
skilled in the art without departing from the spirit and scope of
this invention.
It is therefore intended by the appended claims to cover any and
all such applications, modifications and embodiments within the
scope of the present invention.